The Feds have indicted a dozen people for allegedly using hacked cell phone accounts to “upgrade” to nice, shiny new iPhones and other pricey gadgets, waltzing into stores to pay the small upgrade fees, sticking victims with the rest of the costs, selling the loot for full purchase price, and pocketing the profit.
The US Department of Justice (DOJ) announced the indictments on Thursday.
Geoffrey S. Berman, the US Attorney for the Southern District of New York, and Angel M. Melendez, a special agent with the New York office of the Immigration and Customs Enforcement’s (ICE’s) Homeland Security Investigations (HSI), said they’ve got seven suspects – six were arrested in southern New York, and one in Ohio – while another five are still on the loose.
They stand accused of improperly accessing more than 3,300 customers’ cellphone accounts and defrauding those accounts of the cost of more than 1,200 cellphones, causing losses of more than $1 million.
Berman said that the fraud ring pulled off the heists, which were carried out nationwide, by first allegedly buying their victims’ account details off the dark web, then allegedly hacking into their accounts.
Melendez said that the fraud network was operating out of New York – most particularly in the Bronx, which is where they sold many of the iPhones, iPads, tablets and watches they bilked people out of. It was also operating out of the Dominican Republic; from other, unspecified places; and on the dark web, he said.
According to the indictment, defendants allegedly traveled to 30 states to get the phones, then often brought them back to the Bronx to sell through fencing operations. The cellphone carriers absorbed the financial losses, but the victims suffered the theft of their identities and/or had their accounts accessed without authorization.
Besides charging the vast majority of the devices’ fees to existing customers’ accounts, the fraudsters sometimes created new, bogus accounts, the indictment says. Over time, they changed tactics to stay ahead of law enforcement.
Their techniques included:
- Using Bitcoin to buy cellphone customers’ personally identifiable information (PII) on the dark web, then using that information to convince stores that sell cellphones that they were legitimate account holders.
- Phishing account details out of victims with emails that were laced with rigged links.
- Using bogus IDs to convince store owners that they were someone else.
- Buying phones with their real names and fake Social Security numbers that appeared to (and sometimes did) match the spelling of their real names. The taxpayer IDs really belonged to other people, and those people had their credit damaged as a result of the fraud.
HSI officer George Murphy Whalen said in the indictment that at the time of a police raid carried out on 15 August 2017, investigators believed the hub of the operation to be in Mt. Vernon, New York. That’s where they traced two IP addresses used to get into at least 3,300 victims’ cellphone accounts.
During that raid, they arrested six of the defendants: Mario Diaz, Tomas Guillen, Jose Argelis Diaz, Jonathan Diaz, Eddy Morrobel, Rayniel Robles, and Ronnie De Leon. The five suspects who remain at large are Isaac Concepcion Aquino, Joel Pena, Ruddy Sanchez, Michael Roque, and Joandra Tejada Gonzalez.
All of the suspects have been charged with conspiracy to commit wire fraud and aggravated identity theft.
According to the criminal complaint, a former gang member who’d previously been convicted of a felony cooperated with investigators to get a lighter sentence. As part of the deal, he ratted out the fraud ring by giving the investigators details about the Mt. Vernon residence.
During the raid, police seized 12 computers, five iPads, receipts from Western Union and MoneyGram transactions, evidence of Bitcoin and bank transactions, and several SIM cards.
As we noted earlier this month, when an alleged SIM-swap scammer was nabbed for allegedly stealing $5m in Bitcoin and other cryptocurrencies, SIM cards are at the heart of some serious, big-buck rip offs. Just one of the scammer’s alleged victims, a cryptocurrency investor, allegedly lost nearly $1.5m that he had crowdfunded in an Initial Coin Offering (ICO). It was one of at least three attacks during Coindesk’s Consensus conference.
On one of the computers, they found a 15-minute video, in Spanish, on how to commit cellphone fraud, the Feds allege. They say that investigators also found Google searches that reveal an interest in phone fraud on the part of whoever was using the seized devices.
They used a license plate reader to track one of the defendants, Ronnie De Leon, on a 2 December 2017 trip from Wisconsin to Bloomington, Minnesota. According to the complaint, investigators recorded him as being within a 20-minute drive from Roseville, Minnesota, where a fraudulent iPhone purchase was made that same day under De Leon’s name and a fraud victim’s mobile account.
When police arrested De Leon on 5 December, police saw, without needing to unlock the account, mobile account change notifications linked to a fraud victim’s account on his home screen, the complaint alleges.
The suspects are facing a maximum penalty of 20 years for conspiracy to commit wire fraud and two years for aggravated identity theft, though maximum sentences are rarely handed out.